package com.colabo.j2ee.web.oaf.security.impl;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.logout.LogoutHandler;

import com.colabo.j2ee.web.core.service.impl.DefaultServiceImpl;

public class SessionLogoutHandler extends DefaultServiceImpl implements LogoutHandler {
	private SessionRegistry sessionRegistry;
	private final Log logger = LogFactory.getLog(SessionLogoutHandler.class);
		
	/**
	 * @param request
	 *            not used (can be <code>null</code>)
	 * @param response
	 *            not used (can be <code>null</code>)
	 * @param authentication
	 *            not used (can be <code>null</code>)
	 */
	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
		HttpSession session = request.getSession(false);
		if (session != null) {
			sessionRegistry.removeSessionInformation(session.getId());
			logger.info("logout destrory:" + session.getId());
			session.invalidate();
			SecurityContextHolder.clearContext();
		}
	}

	public void setSessionRegistry(SessionRegistry sessionRegistry) {
		this.sessionRegistry = sessionRegistry;
	}
}
